Saturday, March 21, 1998Last modified at 3:19 a.m. on Saturday, March 21, 1998

Officials object to encryption software exports

SAN FRANCISCO (AP) - Shipments of a sophisticated encryption program across Europe on Friday may violate American law, a top Commerce Department official said.

But Undersecretary William Reinsch conceded the ban on exporting encryption software is on shaky ground because other governments have yet to back U.S. policy.

"If we can't get our allies to do the same kind of thing we're doing, in a year or so we'll have to review this," Reinsch said.

The latest flap came Friday when a Dutch subsidiary of Network Associates, based in Santa Clara, Calif., began shipments to European cities of a version of Pretty Good Privacy, a top commercial encryption program.

The software scrambles e-mails and files, preventing eavesdroppers from seeing information sent across the Internet and stored in databases.

Reinsch said the Commerce Department objected to the sales because the program has no "key" allowing law enforcement officials to crack codes used to hide illegal activities.

"If you've got international terrorists and international drug dealers engaged in crimes that transcend national borders, you need ... communications that are recoverable," he said.

Federal law requires U.S. companies that write and export sophisticated encryption software to include a "key" or entry point for law enforcement officials to decode data. The limits address concerns that encryption technology may fall into the wrong hands, enabling wrongdoers to mask illicit electronic activities such as money laundering.

Network Associates is getting around the law by having a Swiss company, Cnlab Software, write the software. Since the U.S. company isn't directly involved in either writing or selling the overseas version of Pretty Good Privacy, the software won't contain a key.

Reinsch said the Commerce Department has begun an investigation of Network Associates' action, but hasn't yet determined whether there were any violations of the encryption ban. He could not say how long the investigation might take.

In theory, Network Associates could be liable to criminal charges if the shipments are found to violate U.S. law, although administrative sanctions - such as a ban on future exports - would be more likely.

But the department has already signaled it doesn't view the shipments as an immediate threat.

The Commerce Department could have issued an emergency order prohibiting software sales to Europe while the investigation proceeded, Reinsch acknowledged.

Peter Watkins, head of the security software division at Network Associates, said the new software shipments began Friday in Amsterdam, Netherlands, and would cover much of Europe.